emolboss
(Emolboss)
3 March 2012 14:06
#1
I'm asking for help for the 2nd time ;] with how to deal with this virus. Here is the OTL report: http://wklej.org/id/700800/ Instructions like those in the topics listed below will be enough.
stream
(stream)
3 March 2012 14:16
#2
Run OTL and paste the following into the Custom Scans/Fixes box:
:OTL
O4 - HKCU…\Run: [Antivirus Protection 2012 SH] C:\Documents And Settings\WinXPae\Dane aplikacji\Antivirus Protection 2012\securityhelper.exe (KlureIn)
O4 - HKCU…\Run: [t62whauwfebc] C:\Documents And Settings\WinXPae\Dane aplikacji\Antivirus Protection 2012\securityhelper.exe (KlureIn)
[2012-03-03 08:24:03 | 000,000,000 | ---D | C] -- C:\Documents And Settings\WinXPae\Dane aplikacji\Antivirus Protection 2012
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = pl.v9.com/ins/ins_1328876204_615960
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = pl.v9.com/ins/ins_1328876204_615960
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM…\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM…\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = pl.v9.com/ins/ins_1328876204_615960
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1708250
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKCU…\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU…\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU…\SearchScopes{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKCU…\SearchScopes{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=108603&babsrc=SP_ss&mntrId=ac2db784000000000000001d92f1e125
IE - HKCU…\SearchScopes{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/browser/hypercam/{3E9DA850-924E-494B-B643-CEF97D62C132}?q={searchTerms}
IE - HKCU…\SearchScopes{98301B2C-0561-48FF-87AD-8C442C0C2B1E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=MPC2&o=41647997&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=8E&apn_dtid=YYYYYYM1PL&apn_uid=5b046e5b-c9d3-4868-ba08-5f3da3a7ae4c&apn_sauid=7F36A5BE-FCD3-4DE6-A736-0BE1B0681E40
IE - HKCU…\SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1708250
FF - prefs.js…browser.startup.homepage: "pl.v9.com/ins/ins_1328876204_615960 "
FF - prefs.js…keyword.URL: "http://search.babylon.com/?AF=108603&babsrc=adbartrp&mntrId=ac2db784000000000000001d92f1e125&q= "
FF - prefs.js…browser.search.defaultengine: "Ask.com "
FF - prefs.js…browser.search.defaultenginename: "Ask.com "
FF - prefs.js…browser.search.order.1: "Ask.com "
[2012-01-07 12:07:36 | 000,000,000 | ---D | M] (DealBulldog Toolbar) -- C:\Documents And Settings\WinXPae\Dane aplikacji\Mozilla\Firefox\Profiles\l5u3vr1s.default\extensions{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2012-02-29 08:07:29 | 000,000,000 | ---D | M] (Free Lunch Design TB Community Toolbar) -- C:\Documents And Settings\WinXPae\Dane aplikacji\Mozilla\Firefox\Profiles\l5u3vr1s.default\extensions{a5ae8924-4036-420f-b7f6-a47e4b8f692e}
[2012-02-10 15:17:59 | 000,000,000 | ---D | M] (Facemoods) -- C:\Documents And Settings\WinXPae\Dane aplikacji\Mozilla\Firefox\Profiles\l5u3vr1s.default\extensions\ffxtlbr@Facemoods.com
[2011-12-05 18:45:06 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012-02-29 08:04:45 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-02-10 13:16:44 | 000,002,415 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\v9.xml
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\prxtbFre2.dll (Conduit Ltd.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com \facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\DealBulldog Toolbar\tbcore3.dll ()
O3 - HKLM…\Toolbar: (DealBulldog Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\DealBulldog Toolbar\tbcore3.dll ()
O3 - HKLM…\Toolbar: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\prxtbFre2.dll (Conduit Ltd.)
O3 - HKLM…\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM…\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com \facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com )
O3 - HKCU…\Toolbar\WebBrowser: (DealBulldog Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\DealBulldog Toolbar\tbcore3.dll ()
O3 - HKCU…\Toolbar\WebBrowser: (Free Lunch Design Toolbar) - {57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} - C:\Program Files\Free_Lunch_Design\prxtbFre2.dll (Conduit Ltd.)
O4 - HKLM…\Run: [facemoods] C:\Program Files\facemoods.com \facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com )

:Commands
[emptytemp]
Click Run Fix. The program will ask to restart the computer; agree. Post the log from the removal process on the forum. Download the Malwarebytes Anti-Malware scanner and run a full scan, then post the results on the forum.
Regards!
emolboss
(Emolboss)
3 March 2012 14:45
#3
http://wklej.org/id/700832/ the report after removal; I'll post the scan in a moment ;]
– Added 03.03.2012 (Sat) 16:21 –
and here is the scan from Malwarebytes http://wklej.org/id/700865/
– Added 03.03.2012 (Sat) 16:47 –
http://i39.tinypic.com/ie1k5v.jpg scan ;]
stream
(stream)
3 March 2012 15:56
#4
Delete everything that Malwarebytes Anti-Malware detected. Run OTL and click CleanUp.
emolboss
(Emolboss)
3 March 2012 16:05
#5
ok, thanks for the help :) hm, one more question: do I need anything else, some program for updating programs?